You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Harikrishna Patnala <ha...@citrix.com> on 2012/11/20 10:32:37 UTC

Using POST requests instead of GET for the commands containing password

Some commands include password parameter in the query string like when adding the external resources or hosts or cluster.
Since all of our API is GET, all parameters are present in the query string and are getting logged.

Is it better to change these specific requests into POST ?


Thanks

RE: Using POST requests instead of GET for the commands containing password

Posted by Pranav Saxena <pr...@citrix.com>.

We are planning  to fix it for the next release.  

Regards,
Pranav

-----Original Message-----
From: Koushik Das [mailto:koushik.das@citrix.com] 
Sent: Tuesday, November 20, 2012 3:38 PM
To: cloudstack-dev@incubator.apache.org
Subject: RE: Using POST requests instead of GET for the commands containing password

This was already discussed earlier http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201207.mbox/%3c2529883E7B666F4E8F21F85AADA43CA70100E883AD41@BANPMAILBOX01.citrite.net%3e
The UI needs to be fixed for all such API calls that has password as parameter. There was already an issue in the old JIRA (refer old thread for bug ID), needs to be cloned if not present in apache JIRA.

-Koushik

-----Original Message-----
From: Harikrishna Patnala [mailto:harikrishna.patnala@citrix.com] 
Sent: Tuesday, November 20, 2012 3:03 PM
To: cloudstack-dev@incubator.apache.org
Subject: Using POST requests instead of GET for the commands containing password

Some commands include password parameter in the query string like when adding the external resources or hosts or cluster.
Since all of our API is GET, all parameters are present in the query string and are getting logged.

Is it better to change these specific requests into POST ?

Thanks

RE: Using POST requests instead of GET for the commands containing password

Posted by Koushik Das <ko...@citrix.com>.

This was already discussed earlier http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201207.mbox/%3c2529883E7B666F4E8F21F85AADA43CA70100E883AD41@BANPMAILBOX01.citrite.net%3e
The UI needs to be fixed for all such API calls that has password as parameter. There was already an issue in the old JIRA (refer old thread for bug ID), needs to be cloned if not present in apache JIRA.

-Koushik

-----Original Message-----
From: Harikrishna Patnala [mailto:harikrishna.patnala@citrix.com] 
Sent: Tuesday, November 20, 2012 3:03 PM
To: cloudstack-dev@incubator.apache.org
Subject: Using POST requests instead of GET for the commands containing password

Some commands include password parameter in the query string like when adding the external resources or hosts or cluster.
Since all of our API is GET, all parameters are present in the query string and are getting logged.

Is it better to change these specific requests into POST ?

Thanks